Yokogawa CAMS for HIS
Severity: Monitor (CVSS 6.4) · Source: ICS-CERT ICSA-22-174-02 · Published: Jun 23, 2022
Attack Vector: Adjacent
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
A vulnerability in Yokogawa CAMS for HIS (Computer-Aided Monitoring System for Human Interface Station) allows an attacker who already controls one CAMS computer to compromise other CAMS systems on the same network, with the potential to crash the affected software. It affects multiple versions of CENTUM CS 3000, CENTUM VP, Exaopc, B/M9000 VP and B/M9000CS. The attack vector is adjacent network: the flaw is not exploitable from the internet, and the attacker must already have local access to a CAMS computer or a foothold on the network segment the CAMS systems share.
What this means
What could happen
If a control system HIS computer running CAMS is compromised, an attacker could use it to attack other HIS computers on the network and crash production monitoring software, disrupting visibility into plant operations or process status.
Who's at risk
Water utilities, power utilities, and other process industries using Yokogawa CENTUM or Exaopc HIS systems for SCADA monitoring and control. Specifically affects organizations running CAMS for HIS on CENTUM CS 3000, CENTUM VP, Exaopc, B/M9000 VP, or B/M9000CS platforms. Impact is on HIS (human interface station) computers used by operators to monitor and manage plant operations.
How it could be exploited
An attacker must first gain access to a computer running CAMS for HIS software through local compromise, network access to the HIS network, or physical access. Once inside, the attacker can exploit the vulnerability to move laterally to other CAMS computers on the same network and cause them to crash or become unstable.
Prerequisites
- Local or network access to a computer running CAMS for HIS software
- Access to the control system or HIS network where CAMS systems are deployed
Key points
- No patch available for end-of-life product versions
- High attack complexity (consistent with the CVSS metrics above)
- Affects visibility and control of plant operations
- Lateral movement risk within the HIS network
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (5): 2 with fix, 2 pending, 1 EOL

Product | Affected versions | Fix status
B/M9000 VP | R6.01.01 through R8.03.01 | No fix yet
B/M9000CS | R5.04.01 through R5.05.01 | No fix yet
Exaopc | R3.72.00 through R3.80.00 (affected only if NTPF100-S6 "For CENTUM VP Support CAMS for HIS" is installed) | R3.80.01
CENTUM CS 3000 (including CENTUM CS 3000 Entry Class) | R3.08.10 through R3.09.00 (affected only if LHS4800 "CAMS for HIS" is installed) | No fix (EOL)
CENTUM VP (including CENTUM VP Entry Class) | R4.01.00 through R4.03.00 (affected only if the CAMS function is used); R5.01.00 through R5.04.20 and R6.01.00 through R6.09.00 (affected regardless of whether the CAMS function is used) | R6.09.03
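The version ranges above are easy to misread during asset triage because Yokogawa release strings ("R6.09.03") do not sort correctly as plain text, and several rows apply only when an extra package or function is present. The following is an added example, not Yokogawa's or the advisory's own code: it parses the release strings numerically, encodes the table and its conditions, and reports a verdict per host. The host names and the inventory are constructed for the example; the product short names ("CENTUM VP", "Exaopc", and so on) are the assumed keys an inventory would use.

```python
"""Triage helper for the affected-version table on this page (ICSA-22-174-02).

Added example, not Yokogawa's or the advisory's own code. It parses Yokogawa
"Rx.yy.zz" release strings and checks an installed product/version against the
listed ranges, including the installation conditions the table attaches to
some ranges. The host inventory below is constructed for the example.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

Version = Tuple[int, ...]


def parse_version(s: str) -> Version:
    """'R6.09.03' -> (6, 9, 3). Numeric tuples compare correctly, whereas
    string comparison would rank 'R6.10.00' below 'R6.09.00'."""
    s = s.strip().upper()
    if not s.startswith("R") or not s[1:]:
        raise ValueError(f"unexpected version format: {s!r}")
    parts = s[1:].split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {s!r}")
    return tuple(int(p) for p in parts)


@dataclass(frozen=True)
class AffectedRange:
    product: str
    low: str                         # inclusive lower bound
    high: str                        # inclusive upper bound
    fix: Optional[str]               # remediation from the page, None if no fix yet
    condition: Optional[str] = None  # extra installation condition, if any
    eol: bool = False

    def contains(self, v: Version) -> bool:
        return parse_version(self.low) <= v <= parse_version(self.high)


# The affected ranges as listed in the table on this page.
RANGES = [
    AffectedRange("B/M9000 VP", "R6.01.01", "R8.03.01", None),
    AffectedRange("B/M9000CS", "R5.04.01", "R5.05.01", None),
    AffectedRange("Exaopc", "R3.72.00", "R3.80.00", "apply patch R3.80.01",
                  condition='NTPF100-S6 "For CENTUM VP Support CAMS for HIS" installed'),
    AffectedRange("CENTUM CS 3000", "R3.08.10", "R3.09.00", None,
                  condition="LHS4800 (CAMS for HIS) installed", eol=True),
    AffectedRange("CENTUM VP", "R4.01.00", "R4.03.00", "upgrade to latest CENTUM VP",
                  condition="CAMS function used", eol=True),
    AffectedRange("CENTUM VP", "R5.01.00", "R5.04.20", "upgrade to latest CENTUM VP", eol=True),
    AffectedRange("CENTUM VP", "R6.01.00", "R6.09.00", "apply patch R6.09.03"),
]


def assess(product: str, version: str, condition_met: Optional[bool] = None) -> dict:
    """Verdict for one installed product/version.

    condition_met says whether the range's installation condition holds (e.g.
    the CAMS package is installed). None means unknown, which is reported as
    'possibly affected' rather than silently cleared."""
    v = parse_version(version)
    for r in RANGES:
        if r.product != product or not r.contains(v):
            continue
        if r.condition is None or condition_met is True:
            status = "affected"
        elif condition_met is False:
            status = "not affected (condition not met)"
        else:
            status = "possibly affected (condition unknown)"
        return {"status": status, "condition": r.condition, "fix": r.fix, "eol": r.eol}
    return {"status": "not listed", "condition": None, "fix": None, "eol": False}


# Constructed HIS inventory: (hostname, product, version, condition known to hold?)
INVENTORY = [
    ("HIS0101", "CENTUM VP", "R6.05.00", None),
    ("HIS0102", "CENTUM VP", "R6.09.03", None),
    ("HIS0201", "Exaopc", "R3.75.00", False),
    ("HIS0301", "CENTUM CS 3000", "R3.09.00", True),
]


def triage(inventory=INVENTORY) -> list:
    """One report line per host that needs attention."""
    lines = []
    for host, product, version, cond in inventory:
        r = assess(product, version, cond)
        if r["status"] in ("not listed", "not affected (condition not met)"):
            continue
        action = r["fix"] or ("EOL, apply compensating controls" if r["eol"] else "no fix yet")
        lines.append(f"{host} {product} {version}: {r['status']}; {action}")
    return lines


if __name__ == "__main__":
    print("\n".join(triage()))
```

A host whose condition is unknown is deliberately reported as "possibly affected" so that it stays on the worklist until someone confirms whether the CAMS package or function is present on that station.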
Remediation & Mitigation
Scheduling: patching requires a maintenance window. Applying a patch may require a device reboot, so plan for the process interruption.

Patches
- Hotfix: CENTUM VP R6.01.00 through R6.09.00: update to R6.09.00 and apply software patch R6.09.03.
- Hotfix: Exaopc R3.72.00 through R3.80.00: update to R3.80.00 and apply software patch R3.80.01.
- Hotfix: CENTUM VP R4.01.00 through R4.03.00 and R5.01.00 through R5.04.20: upgrade to the latest CENTUM VP version (these releases are end of life).
- Hotfix: CENTUM CS 3000 R3.08.10 through R3.09.00: upgrade to the latest CENTUM VP version (end-of-life product, no patch available).
- Hotfix: B/M9000 VP and B/M9000CS: if CENTUM is installed on the same PC, apply the CENTUM patches above and update B/M9000 to the latest version.

Mitigations - no patch available
CENTUM CS 3000 (including CENTUM CS 3000 Entry Class) has reached end of life and the vendor will not release a patch. Apply the following compensating controls; the same controls are appropriate on any station where a fix cannot yet be applied:
- Hardening: isolate CAMS for HIS computers on a dedicated network segment, separated from other control system networks and from untrusted networks, to prevent lateral movement.
- Hardening: implement network access controls and firewall rules that restrict communication between CAMS systems to only the production traffic they need.
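Because the attack path is one compromised CAMS station reaching another, the allowlist in the second control is also something you can audit: any HIS-to-HIS connection that is not on the production allowlist is either a misconfiguration or lateral movement. The following is an added example, not Yokogawa's or CISA's code, that runs that policy over flow records. The advisory does not name the ports CAMS for HIS uses, so the HIS subnet, the allowed port and the approved engineering host are hypothetical, and the sample flow lines are constructed.

```python
"""Policy check for the segmentation control on this page: flag traffic into
or between CAMS for HIS computers that is not on the production allowlist.

Added example, not Yokogawa's or CISA's code. The advisory does not name the
ports CAMS for HIS uses, so the subnet, the allowed port and the approved
engineering host are hypothetical, and the flow records are constructed.
"""
from ipaddress import ip_address, ip_network
from typing import Optional

HIS_SUBNET = ip_network("10.10.20.0/24")             # assumed HIS/CAMS segment
ALLOWED_HIS_TO_HIS = {("tcp", 5000)}                  # assumed CAMS production port
APPROVED_INBOUND_HOSTS = {ip_address("10.10.30.5")}   # assumed engineering station


def parse_flow(line: str) -> dict:
    """Parse one 'ts key=value ...' flow record (format of SAMPLE_FLOWS below)."""
    ts, *kvs = line.split()
    f = dict(kv.split("=", 1) for kv in kvs)
    return {"ts": ts, "src": ip_address(f["src"]), "dst": ip_address(f["dst"]),
            "proto": f["proto"].lower(), "dport": int(f["dport"])}


def check_flow(flow: dict) -> Optional[str]:
    """Return a finding for a policy violation, or None if the flow is allowed."""
    src_his, dst_his = flow["src"] in HIS_SUBNET, flow["dst"] in HIS_SUBNET
    where = f"{flow['src']} -> {flow['dst']} {flow['proto']}/{flow['dport']}"
    if src_his and dst_his:
        # HIS-to-HIS: only the CAMS production port may cross between stations.
        if (flow["proto"], flow["dport"]) not in ALLOWED_HIS_TO_HIS:
            return f"{flow['ts']} HIS-to-HIS traffic outside allowlist: {where}"
        return None
    if dst_his and flow["src"] not in APPROVED_INBOUND_HOSTS:
        # Anything else reaching a HIS must come from an approved host.
        return f"{flow['ts']} inbound to HIS from unapproved host: {where}"
    return None


def check_flows(lines) -> list:
    """Findings for every non-empty record, in input order."""
    return [f for f in (check_flow(parse_flow(l)) for l in lines if l.strip()) if f]


# Constructed sample flows (not real plant traffic).
SAMPLE_FLOWS = [
    "2022-06-23T10:00:01Z src=10.10.20.11 dst=10.10.20.12 proto=tcp dport=5000",
    "2022-06-23T10:00:05Z src=10.10.20.11 dst=10.10.20.12 proto=tcp dport=445",
    "2022-06-23T10:00:09Z src=10.10.20.11 dst=10.10.20.13 proto=tcp dport=3389",
    "2022-06-23T10:01:00Z src=10.10.30.5 dst=10.10.20.11 proto=tcp dport=3389",
    "2022-06-23T10:01:30Z src=10.10.40.7 dst=10.10.20.11 proto=tcp dport=445",
]

if __name__ == "__main__":
    for finding in check_flows(SAMPLE_FLOWS):
        print(finding)
```

The same allowlist is what the firewall rules on each HIS should enforce; running the check over exported flows from the segment's switch or firewall is a cheap way to confirm the rules are actually in place before relying on them as the compensating control.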
CVEs (1)